Forcing HTTPS using .htaccess (with conditions)

With the major search engines preferring secure websites and free SSL certificates becomming more readily available, it’s not just ecommerce websites that benefit from a secure website.

Here is a little bit of code that (if you’re using an apache server with mod_rewrite support) will 301 redirect all of your web pages to their secure alternative.

Obviously, it goes without saying that you should try to secure as must as possible, however there are times when you may need to stop certain pages being presented as HTTPS (usually for some random 3rd party access) so I’ve included a few examples of how to include certain exceptions to the rule.

d) Checking for the website / subdomain - e.g. if you have a single file-base used through different domains

2. We perform our rewrite rule (anything in the URL request after the domain to be re-written to the new domain structure)

That’s about it really. Once you’ve done this you should also make sure your internal linking is pointing to your secure pages (this way search engines won’t need to keep being redirected as they browse your internal linking structure).